La difference' is stark in EU, U.S. privacy laws - 1 views
started by Bonnie Sutton on 06 Jul 11
started by Bonnie Sutton on 06 Jul 11
Start a New Topic » « Back to the Educational Technology and Change Journal group
EU citizens well protected against corporate intrusion, but red tape is thick
http://www.msnbc.msn.com/id/15221111/ns/technology_and_science-privacy_lost/t/la-difference-stark-eu-us-privacy-laws/
George Steinmetz / Corbis file
An Automatic Number Plate Recognition system set up at a mobile checkpoint near Manchester, England, checks whether passing motorists have paid their vehicle tax. Those that haven't are arrested by a bit farther up the road by a waiting police car.
By Bob Sullivan
Technology correspondent
msnbc.com
updated 10/19/2006 11:19:45 AM ET
It started, some say, with Alexandre Dumas, famed French author of "The Three Musketeers."
Dumas was an aging French literary star when he embarked on a somewhat scandalous love affair with Adah Isaacs Menken, a 32-year-old Texas actress. Entranced with the still-young technology of photography, the two posed for clearly scandalous photographs. The photographer, smelling a quick profit, set out to sell them, and Dumas sued.
A Paris appeals court quashed this early paparazzi moment. In a ruling tha
t sounds quaint to the modern American ear, the court decided that posing for the photographs did not mean Dumas and Menken had surrendered their rights to privacy and dignity, even if they consented to do just that during a heady romantic moment. These rights trumped any commercial property rights the photographer might have claimed, the court said.
"Any sale by a person who had momentarily 'forgotten his dignity' had to remain effectively voidable,"
Yale law professor James Whitman wrote of the ruling in a paper titled "The Two Western Cultures of Privacy: Dignity versus Liberty." "One's privacy, like other aspects of one's honor, was not a market commodity that could simply be definitively sold."
European courts and lawmakers have been wrestling with the implications of technology and privacy ever since, often coming to conclusions that are foreign to their American counterparts.
In Europe, privacy is different
Some of those rulings might seem like a panacea for Americans who believe their privacy is slowly slipping away
In many parts of Europe, for example:
Personal information cannot be collected without consumers' permission, and they have the right to review the data and correct inaccuracies.
Companies that process data must register their activities with the government.
Employers cannot read workers' private e-mail.
Personal information cannot be shared by companies or across borders without express permission from the data subject.
Checkout clerks cannot ask for shoppers' phone numbers.
Those rights, and many others, stem from The European Union Directive on Data Protection of 1995, which mandated that each EU nation pass a national privacy law and create a Data Protection Authority to protect citizens' privacy and investigate attacks on it.
National laws come in several flavors, and emanate from varied traditions. But taken together, they are the backbone of a basic European principle: Privacy is a human right.
In this clear declaration, Europe ventures far from the patchwork approach taken by U.S. lawmakers. But a privacy heaven, it's not.
European trust government more
With those privacy protections come other, curious laws and regulations that would fluster most Americans.
Authorities in some European countries can veto a parent's choice for their baby's name in the name of preserving dignity, for example. Government officials also often cloak themselves in dignity to limit freedom of the press and evade public scrutiny.
Most important, while companies face severe regulations limiting their use of consumers' personal information, governments are largely exempt from such limitations. While the use of credit reports is rare in Europe, wiretapping is not. In the Netherlands, for example, wiretaps are 130 times more common than in the U.S. Many Europeans carry some kind of national ID card, still unthinkable for many in the U.S. In Germany, every citizen and long-term visitor must register his or her address with the police.
The reason that privacy laws in Europe and the U.S. are so different springs from a basic divergence in attitude: Europeans reserve their deepest distrust for corporations, while Americans are far more concerned about their government invading their privacy.
As a result, U.S. federal agencies have been given little power to limit the potentially privacy-invading behaviors of private companies. The Federal Trade Commission, the agency charged with protecting U.S. citizens from such intrusions, rarely acts against U.S. firms. When it does, its remedies are generally limited to small fines and out-of-court settlements.
Each European nation, on the other hand, has its Data Protection Authority to monitor corporate behavior. Consumers can appeal to the authority, which in some countries boasts far-ranging subpoena power. Fines for misbehavior are common.
Legacy of the Holocaust?
Some privacy experts argue that heightened European sensitivity to privacy stems from the horror of the Holocaust, when the Nazis used public and church records to identify Jews to be rounded up and sent to concentration camps. But others say the historical difference dates back much further - to Dumas, or even earlier, and the notion that governments are charged with actively protecting people.
"In Europe the first line of defense against private wrongdoing is the state," said Joel R. Reidenberg, privacy expert at Fordham University School Law School. "In the U.S. our instinct is more liberal: Let private actors sue each other."
These differences are more than theoretical, and several times have threatened to trigger trade and culture wars:
A post-Sept. 11 data sharing agreement that provided U.S. authorities with 34 pieces of information on each airline passenger entering the country on flights from Europe was ruled illegal earlier this year by the European Supreme Court. The dispute threatened to ground all flights into the U.S. from Europe until the U.S. Department of Homeland Security and the European Union announced a settlement on Oct. 6.
In June, the New York Times revealed that U.S. anti-terrorism officials are mining data from the Belgium-based Society for Worldwide Interbank Financial Telecommunications (SWIFT), which regulates most international banking transactions. Belgian officials opened an immediate investigation. Such data mining would be considered illegal under Belgian law.
In the late 1990s, e-commerce between Europe and the U.S. almost came to a halt after the EU's Data Protection Directive barred transfer of data to countries without comprehensive privacy protection laws. By EU standards, the U.S. falls far short of the requirements. Two years of negotiations ended in a "safe harbor" agreement promising privacy controls on EU data that flows into the U.S. Complaints about the system persist, however, from both sides.
Market efficiency vs. dignity
U.S. firms criticize the European limitations on data gathering, saying that regulations enforcing them are cumbersome and put Europe at a competitive disadvantage.
For example, only debtors who've defaulted on loans generally receive the European equivalent of a credit report, which places them on a sort of lending black list. Consumers who pay their bills on time do not get a "good" credit score.
Critics say that's a disadvantage because credit reports make consumer lending much safer for lenders, thereby reducing the cost of credit and increasing consumers' ability to borrow.
But defenders of the European system point to places like the U.K. and Ireland, where there's little evidence that access to mortgage loans is limited.
There is more on the site.